Snap for 11224086 from 5eee5ef21fee5c8ae1b2ba4494ce63162ed3ad09 to mainline-tzdata5-releaseaml_tz5_341510050 aml_tz5_341510010 aml_tz5_341510010

Change-Id: I2ac885fee6bc0c049c6e1afe469f3bff2d6e4f0a
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-12-15 09:31:44 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-12-15 09:31:44 +0000
commit: 6f68fd413b0d0e6a08dc05243759afd232aac7f9 (patch)
tree: e3eda8a27c15d50826634228f7a53ca776e6d82c
parent: 2cca4cb8b403c92b76114ed693afc860012ed1f5 (diff)
parent: 5eee5ef21fee5c8ae1b2ba4494ce63162ed3ad09 (diff)
download: wycheproof-aml_tz5_341510010.tar.gz
4 files changed, 80 insertions, 16 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index ea5d91b..001ab89 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -13,6 +13,7 @@
  */
 package android.keystore.cts.util;
 
+import static org.junit.Assume.assumeTrue;
 import android.content.Context;
 import android.security.keystore.KeyProtection;
 import android.keystore.cts.util.TestUtils;
@@ -53,6 +54,8 @@ public class KeyStoreUtil {
     public static final int KM_VERSION_KEYMASTER_4 = 40;
     public static final int KM_VERSION_KEYMASTER_4_1 = 41;
     public static final int KM_VERSION_KEYMINT_1 = 100;
+    public static final int KM_VERSION_KEYMINT_2 = 200;
+    public static final int KM_VERSION_KEYMINT_3 = 300;
 
     private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
                                                         "sha-256","sha-512");
@@ -91,7 +94,11 @@ public class KeyStoreUtil {
         }
     }
 
-    public static int getFeatureVersionKeystore() {
+    public static int getFeatureVersionKeystore(boolean isStrongBox) {
+        if (isStrongBox) {
+            return TestUtils.getFeatureVersionKeystoreStrongBox(
+            ApplicationProvider.getApplicationContext());
+        }
         return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext());
     }
 
@@ -173,4 +180,9 @@ public class KeyStoreUtil {
                                 new ByteArrayInputStream(x509holder.getEncoded()));
         return x509c;
     }
+
+    public static void assumeKeyMintV1OrNewer(boolean isStrongBox) {
+        assumeTrue("Test can only run on KeyMint v1 and above",
+            KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KM_VERSION_KEYMINT_1);
+    }
 }
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
index 3a42761..5e02de9 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
@@ -209,16 +209,25 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/296367623
+  @Ignore
   public void testHmacSha1() throws Exception {
     testMac("HMACSHA1", 20);
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/296367623
+  @Ignore
   public void testHmacSha224() throws Exception {
     testMac("HMACSHA224", 28);
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/296367623
+  @Ignore
   public void testHmacSha256() throws Exception {
     testMac("HMACSHA256", 32);
   }
@@ -231,11 +240,17 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/296367623
+  @Ignore
   public void testHmacSha384() throws Exception {
     testMac("HMACSHA384", 48);
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/296367623
+  @Ignore
   public void testHmacSha512() throws Exception {
     testMac("HMACSHA512", 64);
   }
@@ -331,7 +346,13 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/288588810#comment27
+  @Ignore
   public void testLongMacSha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA1",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
@@ -347,7 +368,12 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/288588810#comment27
+  @Ignore
   public void testLongMacSha256() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
     testLongMacSha256(false);
   }
   @Test
@@ -374,7 +400,13 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/288588810#comment27
+  @Ignore
   public void testLongMacSha384() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA384",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
@@ -394,7 +426,13 @@ public class MacTest {
   }
 
   @Test
+  // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until
+  // performance requirements can be defined. See http://b/288588810#comment27
+  @Ignore
   public void testLongMacSha512() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA512",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index 5eb47e5..9c2cbf5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -60,17 +60,20 @@ public class RsaOaepTest {
   private static PrivateKey saveKeyPairToKeystoreAndReturnPrivateKey(PublicKey pubKey,
         PrivateKey privKey, String digest, String mgfDigest, boolean isStrongBox)
           throws Exception {
+    KeyProtection.Builder keyProtection = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN |
+            KeyProperties.PURPOSE_VERIFY |
+            KeyProperties.PURPOSE_ENCRYPT |
+            KeyProperties.PURPOSE_DECRYPT)
+            .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
+                    KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
+            .setIsStrongBoxBacked(isStrongBox);
+    if (digest.equalsIgnoreCase(mgfDigest)) {
+      keyProtection.setDigests(digest);
+    } else {
+      keyProtection.setDigests(digest, mgfDigest);
+    }
     return (PrivateKey) KeyStoreUtil.saveKeysToKeystore(KEY_ALIAS_1, pubKey, privKey,
-                        new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN |
-                                KeyProperties.PURPOSE_VERIFY |
-                                KeyProperties.PURPOSE_ENCRYPT |
-                                KeyProperties.PURPOSE_DECRYPT)
-                          .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1,
-                                KeyProperties.ENCRYPTION_PADDING_RSA_OAEP)
-                          .setDigests(digest, mgfDigest)
-                          .setIsStrongBoxBacked(isStrongBox)
-                          .build())
-                      .getKey(KEY_ALIAS_1, null);
+            keyProtection.build()).getKey(KEY_ALIAS_1, null);
   }
 
   /**
@@ -192,14 +195,17 @@ public class RsaOaepTest {
   }
 
   protected static OAEPParameterSpec getOaepParameters(JsonObject group,
-    JsonObject test) throws Exception {
+    JsonObject test, boolean isStrongBox) throws Exception {
     String sha = getString(group, "sha");
     String mgf = getString(group, "mgf");
     String mgfSha = getString(group, "mgfSha");
-    // mgfDigest other than SHA-1 are supported from KeyMint V1 and above.
+    // mgfDigest other than SHA-1 are supported from KeyMint V1 and above but some implementations
+    // of keymint V1 and V2 (notably the C++ reference implementation) does not include MGF_DIGEST
+    // tag in key characteriestics hence issue b/287532460 introduced. So non-default MGF_DIGEST is
+    // tested on Keymint V3 and above.
     if (!mgfSha.equalsIgnoreCase("SHA-1")) {
-      assumeTrue("This test is valid for KeyMint version 1 and above.",
-              KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
+      assumeTrue("This test is valid for KeyMint version 3 and above.",
+          KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_3);
     }
     PSource p = PSource.PSpecified.DEFAULT;
     if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) {
@@ -305,7 +311,7 @@ public class RsaOaepTest {
         String messageHex = TestUtil.bytesToHex(getBytes(testcase, "msg"));
         OAEPParameterSpec params;
         try {
-          params = getOaepParameters(group, testcase);
+          params = getOaepParameters(group, testcase, isStrongBox);
         } catch (UnsupportedKeyParametersException e) {
           // TODO This try catch block should be removed once issue b/229183581 is fixed.
           continue;
@@ -362,6 +368,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep2048Sha1Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_2048_sha1_mgf1sha1_test.json", false);
   }
 
@@ -420,6 +428,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep3072Sha256Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_3072_sha256_mgf1sha1_test.json", false);
   }
 
@@ -440,6 +450,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep4096Sha256Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_4096_sha256_mgf1sha1_test.json", false);
   }
 
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
index d41bb98..de86dc5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
@@ -1265,6 +1265,8 @@ public class RsaSignatureTest {
    */
   @Test
   public void testFaultySigner() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
     testFaultySigner(false);
   }
   @Test
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-12-15 09:31:44 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-12-15 09:31:44 +0000
commit	6f68fd413b0d0e6a08dc05243759afd232aac7f9 (patch)
tree	e3eda8a27c15d50826634228f7a53ca776e6d82c
parent	2cca4cb8b403c92b76114ed693afc860012ed1f5 (diff)
parent	5eee5ef21fee5c8ae1b2ba4494ce63162ed3ad09 (diff)
download	wycheproof-aml_tz5_341510010.tar.gz