1 files changed, 129 insertions, 6 deletions
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index e266a86e..c89abd90 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -16,6 +16,9 @@
 #include "KeymasterHidlTest.h"
+#include <vector>
+#include <android-base/logging.h>
 #include <android/hidl/manager/1.0/IServiceManager.h>
 #include <keymasterV4_0/key_param_output.h>
@@ -383,12 +386,18 @@ string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose ope
    AuthorizationSet begin_out_params;
    EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
+    string output;
+    size_t consumed = 0;
+    AuthorizationSet update_params;
+    AuthorizationSet update_out_params;
+    EXPECT_EQ(ErrorCode::OK,
+              Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
    string unused;
    AuthorizationSet finish_params;
    AuthorizationSet finish_out_params;
-    string output;
+    EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
-    EXPECT_EQ(ErrorCode::OK,
+                                    &finish_out_params, &output));
-              Finish(op_handle_, finish_params, message, unused, &finish_out_params, &output));
    op_handle_ = kOpHandleSentinel;
    out_params->push_back(begin_out_params);
@@ -480,12 +489,20 @@ void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& mes
    ASSERT_EQ(ErrorCode::OK,
              Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
+    string output;
+    AuthorizationSet update_params;
+    AuthorizationSet update_out_params;
+    size_t consumed;
+    ASSERT_EQ(ErrorCode::OK,
+              Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
+    EXPECT_TRUE(output.empty());
+    EXPECT_GT(consumed, 0U);
    string unused;
    AuthorizationSet finish_params;
    AuthorizationSet finish_out_params;
-    string output;
+    EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
-    EXPECT_EQ(ErrorCode::OK,
+                                    &finish_out_params, &output));
-              Finish(op_handle_, finish_params, message, signature, &finish_out_params, &output));
    op_handle_ = kOpHandleSentinel;
    EXPECT_TRUE(output.empty());
 }
@@ -585,6 +602,112 @@ std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_b
                           });
    return retval;
 }
+std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
+    switch (algorithm) {
+        case Algorithm::RSA:
+            switch (SecLevel()) {
+                case SecurityLevel::TRUSTED_ENVIRONMENT:
+                    return {2048, 3072, 4096};
+                case SecurityLevel::STRONGBOX:
+                    return {2048};
+                default:
+                    CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
+                    break;
+            }
+            break;
+        case Algorithm::EC:
+            switch (SecLevel()) {
+                case SecurityLevel::TRUSTED_ENVIRONMENT:
+                    return {224, 256, 384, 521};
+                case SecurityLevel::STRONGBOX:
+                    return {256};
+                default:
+                    CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
+                    break;
+            }
+            break;
+        case Algorithm::AES:
+            return {128, 256};
+        case Algorithm::TRIPLE_DES:
+            return {168};
+        case Algorithm::HMAC: {
+            std::vector<uint32_t> retval((512 - 64) / 8 + 1);
+            uint32_t size = 64 - 8;
+            std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
+            return retval;
+        }
+        default:
+            CHECK(false) << "Invalid Algorithm: " << algorithm;
+            return {};
+    }
+    CHECK(false) << "Should be impossible to get here";
+    return {};
+}
+std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
+    if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
+    CHECK(SecLevel() == SecurityLevel::STRONGBOX);
+    switch (algorithm) {
+        case Algorithm::RSA:
+            return {3072, 4096};
+        case Algorithm::EC:
+            return {224, 384, 521};
+        default:
+            return {};
+    }
+}
+std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
+    if (securityLevel_ == SecurityLevel::STRONGBOX) {
+        return {EcCurve::P_256};
+    } else {
+        return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
+    }
+}
+std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
+    if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
+    CHECK(SecLevel() == SecurityLevel::STRONGBOX);
+    return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
+}
+std::initializer_list<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
+    std::vector<Digest> result;
+    switch (SecLevel()) {
+        case SecurityLevel::TRUSTED_ENVIRONMENT:
+            if (withNone) {
+                if (withMD5)
+                    return {Digest::NONE,      Digest::MD5,       Digest::SHA1,
+                            Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
+                            Digest::SHA_2_512};
+                else
+                    return {Digest::NONE,      Digest::SHA1,      Digest::SHA_2_224,
+                            Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
+            } else {
+                if (withMD5)
+                    return {Digest::MD5,       Digest::SHA1,      Digest::SHA_2_224,
+                            Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
+                else
+                    return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
+                            Digest::SHA_2_512};
+            }
+            break;
+        case SecurityLevel::STRONGBOX:
+            if (withNone)
+                return {Digest::NONE, Digest::SHA_2_256};
+            else
+                return {Digest::SHA_2_256};
+            break;
+        default:
+            CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
+            break;
+    }
+    CHECK(false) << "Should be impossible to get here";
+    return {};
+}
+std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
+    return {};
+}
 }  // namespace test
 }  // namespace V4_0

diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp index e266a86e..c89abd90 100644 --- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp +++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -16,6 +16,9 @@
16		16
17	#include "KeymasterHidlTest.h"	17	#include "KeymasterHidlTest.h"
18		18
		19	#include <vector>
		20
		21	#include <android-base/logging.h>
19	#include <android/hidl/manager/1.0/IServiceManager.h>	22	#include <android/hidl/manager/1.0/IServiceManager.h>
20		23
21	#include <keymasterV4_0/key_param_output.h>	24	#include <keymasterV4_0/key_param_output.h>
@@ -383,12 +386,18 @@ string KeymasterHidlTest::ProcessMessage(const HidlBuf& key_blob, KeyPurpose ope
383	AuthorizationSet begin_out_params;	386	AuthorizationSet begin_out_params;
384	EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));	387	EXPECT_EQ(ErrorCode::OK, Begin(operation, key_blob, in_params, &begin_out_params, &op_handle_));
385		388
		389	string output;
		390	size_t consumed = 0;
		391	AuthorizationSet update_params;
		392	AuthorizationSet update_out_params;
		393	EXPECT_EQ(ErrorCode::OK,
		394	Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
		395
386	string unused;	396	string unused;
387	AuthorizationSet finish_params;	397	AuthorizationSet finish_params;
388	AuthorizationSet finish_out_params;	398	AuthorizationSet finish_out_params;
389	string output;	399	EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), unused,
390	EXPECT_EQ(ErrorCode::OK,	400	&finish_out_params, &output));
391	Finish(op_handle_, finish_params, message, unused, &finish_out_params, &output));
392	op_handle_ = kOpHandleSentinel;	401	op_handle_ = kOpHandleSentinel;
393		402
394	out_params->push_back(begin_out_params);	403	out_params->push_back(begin_out_params);
@@ -480,12 +489,20 @@ void KeymasterHidlTest::VerifyMessage(const HidlBuf& key_blob, const string& mes
480	ASSERT_EQ(ErrorCode::OK,	489	ASSERT_EQ(ErrorCode::OK,
481	Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));	490	Begin(KeyPurpose::VERIFY, key_blob, params, &begin_out_params, &op_handle_));
482		491
		492	string output;
		493	AuthorizationSet update_params;
		494	AuthorizationSet update_out_params;
		495	size_t consumed;
		496	ASSERT_EQ(ErrorCode::OK,
		497	Update(op_handle_, update_params, message, &update_out_params, &output, &consumed));
		498	EXPECT_TRUE(output.empty());
		499	EXPECT_GT(consumed, 0U);
		500
483	string unused;	501	string unused;
484	AuthorizationSet finish_params;	502	AuthorizationSet finish_params;
485	AuthorizationSet finish_out_params;	503	AuthorizationSet finish_out_params;
486	string output;	504	EXPECT_EQ(ErrorCode::OK, Finish(op_handle_, finish_params, message.substr(consumed), signature,
487	EXPECT_EQ(ErrorCode::OK,	505	&finish_out_params, &output));
488	Finish(op_handle_, finish_params, message, signature, &finish_out_params, &output));
489	op_handle_ = kOpHandleSentinel;	506	op_handle_ = kOpHandleSentinel;
490	EXPECT_TRUE(output.empty());	507	EXPECT_TRUE(output.empty());
491	}	508	}
@@ -585,6 +602,112 @@ std::pair<ErrorCode, HidlBuf> KeymasterHidlTest::UpgradeKey(const HidlBuf& key_b
585	});	602	});
586	return retval;	603	return retval;
587	}	604	}
		605	std::vector<uint32_t> KeymasterHidlTest::ValidKeySizes(Algorithm algorithm) {
		606	switch (algorithm) {
		607	case Algorithm::RSA:
		608	switch (SecLevel()) {
		609	case SecurityLevel::TRUSTED_ENVIRONMENT:
		610	return {2048, 3072, 4096};
		611	case SecurityLevel::STRONGBOX:
		612	return {2048};
		613	default:
		614	CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
		615	break;
		616	}
		617	break;
		618	case Algorithm::EC:
		619	switch (SecLevel()) {
		620	case SecurityLevel::TRUSTED_ENVIRONMENT:
		621	return {224, 256, 384, 521};
		622	case SecurityLevel::STRONGBOX:
		623	return {256};
		624	default:
		625	CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
		626	break;
		627	}
		628	break;
		629	case Algorithm::AES:
		630	return {128, 256};
		631	case Algorithm::TRIPLE_DES:
		632	return {168};
		633	case Algorithm::HMAC: {
		634	std::vector<uint32_t> retval((512 - 64) / 8 + 1);
		635	uint32_t size = 64 - 8;
		636	std::generate(retval.begin(), retval.end(), [&]() { return (size += 8); });
		637	return retval;
		638	}
		639	default:
		640	CHECK(false) << "Invalid Algorithm: " << algorithm;
		641	return {};
		642	}
		643	CHECK(false) << "Should be impossible to get here";
		644	return {};
		645	}
		646	std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
		647	if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
		648	CHECK(SecLevel() == SecurityLevel::STRONGBOX);
		649	switch (algorithm) {
		650	case Algorithm::RSA:
		651	return {3072, 4096};
		652	case Algorithm::EC:
		653	return {224, 384, 521};
		654	default:
		655	return {};
		656	}
		657	}
		658
		659	std::vector<EcCurve> KeymasterHidlTest::ValidCurves() {
		660	if (securityLevel_ == SecurityLevel::STRONGBOX) {
		661	return {EcCurve::P_256};
		662	} else {
		663	return {EcCurve::P_224, EcCurve::P_256, EcCurve::P_384, EcCurve::P_521};
		664	}
		665	}
		666
		667	std::vector<EcCurve> KeymasterHidlTest::InvalidCurves() {
		668	if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
		669	CHECK(SecLevel() == SecurityLevel::STRONGBOX);
		670	return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
		671	}
		672
		673	std::initializer_list<Digest> KeymasterHidlTest::ValidDigests(bool withNone, bool withMD5) {
		674	std::vector<Digest> result;
		675	switch (SecLevel()) {
		676	case SecurityLevel::TRUSTED_ENVIRONMENT:
		677	if (withNone) {
		678	if (withMD5)
		679	return {Digest::NONE, Digest::MD5, Digest::SHA1,
		680	Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
		681	Digest::SHA_2_512};
		682	else
		683	return {Digest::NONE, Digest::SHA1, Digest::SHA_2_224,
		684	Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
		685	} else {
		686	if (withMD5)
		687	return {Digest::MD5, Digest::SHA1, Digest::SHA_2_224,
		688	Digest::SHA_2_256, Digest::SHA_2_384, Digest::SHA_2_512};
		689	else
		690	return {Digest::SHA1, Digest::SHA_2_224, Digest::SHA_2_256, Digest::SHA_2_384,
		691	Digest::SHA_2_512};
		692	}
		693	break;
		694	case SecurityLevel::STRONGBOX:
		695	if (withNone)
		696	return {Digest::NONE, Digest::SHA_2_256};
		697	else
		698	return {Digest::SHA_2_256};
		699	break;
		700	default:
		701	CHECK(false) << "Invalid security level " << uint32_t(SecLevel());
		702	break;
		703	}
		704	CHECK(false) << "Should be impossible to get here";
		705	return {};
		706	}
		707
		708	std::vector<Digest> KeymasterHidlTest::InvalidDigests() {
		709	return {};
		710	}
588		711
589	} // namespace test	712	} // namespace test
590	} // namespace V4_0	713	} // namespace V4_0