From d46d61efecbec83b26543a360c75e48c05bbf544 Mon Sep 17 00:00:00 2001
From: David Drysdale <drysdale@google.com>
Date: Mon, 28 Jun 2021 13:18:23 +0100
Subject: [PATCH] KeyMint VTS: allow for stricter SharedSecret impls

Bug: 192223752
Test: VtsAidlSharedSecretTargetTest
Change-Id: Iccf2d0fe2a2d10ad12269dfecf78ea1d831c3ad4
---
 .../vts/functional/SharedSecretAidlTest.cpp   | 28 +++++++++++++------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp b/security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp
index 919f882631..51938baa82 100644
--- a/security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp
+++ b/security/sharedsecret/aidl/vts/functional/SharedSecretAidlTest.cpp
@@ -268,10 +268,16 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortNonce) {
                     << "Shared secret service that provided tweaked param should fail to compute "
                        "shared secret";
         } else {
-            EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed";
-            EXPECT_NE(correct_response, responses[i].sharing_check)
-                    << "Others should calculate a different shared secret, due to the tweaked "
-                       "nonce.";
+            // Other services *may* succeed, or may notice the invalid size for the nonce.
+            // However, if another service completes the computation, it should get the 'wrong'
+            // answer.
+            if (responses[i].error == ErrorCode::OK) {
+                EXPECT_NE(correct_response, responses[i].sharing_check)
+                        << "Others should calculate a different shared secret, due to the tweaked "
+                           "nonce.";
+            } else {
+                EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error);
+            }
         }
     }
 }
@@ -348,10 +354,16 @@ TEST_F(SharedSecretAidlTest, ComputeSharedSecretShortSeed) {
                     << "Shared secret service that provided tweaked param should fail to compute "
                        "shared secret";
         } else {
-            EXPECT_EQ(ErrorCode::OK, responses[i].error) << "Others should succeed";
-            EXPECT_NE(correct_response, responses[i].sharing_check)
-                    << "Others should calculate a different shared secret, due to the tweaked "
-                       "nonce.";
+            // Other services *may* succeed, or may notice the invalid size for the seed.
+            // However, if another service completes the computation, it should get the 'wrong'
+            // answer.
+            if (responses[i].error == ErrorCode::OK) {
+                EXPECT_NE(correct_response, responses[i].sharing_check)
+                        << "Others should calculate a different shared secret, due to the tweaked "
+                           "seed.";
+            } else {
+                EXPECT_EQ(ErrorCode::INVALID_ARGUMENT, responses[i].error);
+            }
         }
     }
 }