From 08839105dc93d9431f03c8cb1cd3c4e7d85866fd Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Thu, 29 Mar 2018 20:54:51 -0600 Subject: [PATCH] Correct TripleDes tests. The TripleDes tests failed to set TAG_NO_AUTH_REQUIRED, which causes operations to be rejected by strictly compliant implementations. Bug: 77588764 Test: VtsHalKeymasterV4_0TargetTest Change-Id: I25cd5ec0ccede2b148f5da4566b8e1e20e8edbde --- .../4.0/vts/functional/KeymasterHidlTest.cpp | 3 ++- .../vts/functional/keymaster_hidl_hal_test.cpp | 16 ++++++++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp index 37d8c4251f..e266a86ed9 100644 --- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp +++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp @@ -462,6 +462,7 @@ void KeymasterHidlTest::CheckTripleDesTestVector(KeyPurpose purpose, BlockMode b auto authset = AuthorizationSetBuilder() .TripleDesEncryptionKey(key.size() * 7) .BlockMode(block_mode) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(padding_mode); if (iv.size()) authset.Authorization(TAG_CALLER_NONCE); ASSERT_EQ(ErrorCode::OK, ImportKey(authset, KeyFormat::RAW, key)); @@ -535,7 +536,7 @@ string KeymasterHidlTest::EncryptMessage(const string& message, BlockMode block_ EXPECT_EQ(1U, out_params.size()); auto ivVal = out_params.GetTagValue(TAG_NONCE); EXPECT_TRUE(ivVal.isOk()); - *iv_out = ivVal.value(); + if (ivVal.isOk()) *iv_out = ivVal.value(); return ciphertext; } diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp index 602355b7d7..061cd5e1e5 100644 --- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp +++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp 
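Review bot: The added `.Authorization(TAG_NO_AUTH_REQUIRED)` in `CheckTripleDesTestVector` (and the same line in the `TripleDes*` tests of keymaster_hidl_hal_test.cpp) covers only the positive path; nothing visible in this patch asserts that a 3DES key created without this tag, and without any user-authentication tag, is refused. Since the old tests apparently passed on some implementations, those implementations presumably do not enforce the authorization requirement for such keys, and that is the behaviour worth pinning down. If the suite does not already have one elsewhere, consider a negative test that builds the same authorization set minus this line and expects the operation to be rejected. A short comment above the tag would also help, e.g. `// VTS performs no user authentication, so the key must be usable without it.` The function body starts and ends outside the hunk.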
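Review bot: In `EncryptMessage`, when `TAG_NONCE` is absent the new guard leaves `*iv_out` holding whatever the caller passed in, so the calling test carries on with a stale or empty IV and fails later, far from the real cause. `EXPECT_TRUE(ivVal.isOk())` is non-fatal, so that path is reachable; the guard removes the presumably invalid `value()` access but leaves the contract implicit. Suggest stating it at the assignment, e.g. `// On a missing nonce leave *iv_out untouched; the EXPECT above has already recorded the failure.`, or resetting the buffer in an `else` so callers cannot reuse an old IV. `iv_out` is also dereferenced without a null check in the visible lines; the function starts outside the hunk, so that may be handled earlier.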
@@ -3226,11 +3226,10 @@ TEST_F(EncryptionOperationsTest, AesGcmCorruptTag) { * Verifies that 3DES is basically functional. */ TEST_F(EncryptionOperationsTest, TripleDesEcbRoundTripSuccess) { - std::cout << "Hello" << std::endl; - auto auths = AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::ECB) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE); ASSERT_EQ(ErrorCode::OK, GenerateKey(auths)); @@ -3259,6 +3258,7 @@ TEST_F(EncryptionOperationsTest, TripleDesEcbNotAuthorized) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); auto inParams = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::NONE); @@ -3274,6 +3274,7 @@ TEST_F(EncryptionOperationsTest, TripleDesEcbPkcs7Padding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::ECB) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::PKCS7))); for (size_t i = 0; i < 32; ++i) { @@ -3296,6 +3297,7 @@ TEST_F(EncryptionOperationsTest, TripleDesEcbNoPaddingKeyWithPkcs7Padding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::ECB) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); for (size_t i = 0; i < 32; ++i) { auto inParams = @@ -3313,6 +3315,7 @@ TEST_F(EncryptionOperationsTest, TripleDesEcbPkcs7PaddingCorrupted) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::ECB) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::PKCS7))); string message = "a"; 
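Review bot: The same four-call builder chain, `TripleDesEncryptionKey(168)` / `BlockMode` / `Authorization(TAG_NO_AUTH_REQUIRED)` / `Padding`, is now spelled out in every `TripleDes*` test touched here and in the later hunks, and that repetition is why the tag had to be added at each site separately. A small fixture helper would make the next such correction a one-line change, for example `AuthorizationSetBuilder TripleDesKeyAuths(BlockMode mode, PaddingMode padding)` returning the builder so that `TripleDesCallerIv` can still append `TAG_CALLER_NONCE`. The helper name is only a suggestion, and the test bodies continue outside the hunks.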
@@ -3443,6 +3446,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcRoundTripSuccess) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); // Two-block message. string message = "1234567890123456"; @@ -3471,6 +3475,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCallerIv) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_CALLER_NONCE) .Padding(PaddingMode::NONE))); string message = "1234567890123456"; @@ -3505,6 +3510,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCallerNonceProhibited) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); string message = "12345678901234567890123456789012"; @@ -3536,6 +3542,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcNotAuthorized) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::ECB) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); // Two-block message. string message = "1234567890123456"; @@ -3553,6 +3560,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcNoPaddingWrongInputSize) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); // Message is slightly shorter than two blocks. string message = "123456789012345"; 
@@ -3574,6 +3582,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcPkcs7Padding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::PKCS7))); // Try various message lengths; all should work. @@ -3596,6 +3605,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcNoPaddingKeyWithPkcs7Padding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); // Try various message lengths; all should fail. @@ -3615,6 +3625,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcPkcs7PaddingCorrupted) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::PKCS7))); string message = "a"; @@ -3645,6 +3656,7 @@ TEST_F(EncryptionOperationsTest, TripleDesCbcIncrementalNoPadding) { ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() .TripleDesEncryptionKey(168) .BlockMode(BlockMode::CBC) + .Authorization(TAG_NO_AUTH_REQUIRED) .Padding(PaddingMode::NONE))); int increment = 7;