diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-03 16:52:35 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-08-03 16:52:35 +0000 |
commit | 0671c01da8c5ea36b36a4521c650ea518c7c0aa3 (patch) | |
tree | cec47ead12e435072cce20bebcaeddd793f07c43 | |
parent | 24b06465ad5445b0f760e25c9ef504074eab3047 (diff) | |
parent | 2bee3b0c4859c5ed91ac5c2155addcbcccb4a328 (diff) | |
download | wycheproof-0671c01da8c5ea36b36a4521c650ea518c7c0aa3.tar.gz |
Snap for 10603423 from 2bee3b0c4859c5ed91ac5c2155addcbcccb4a328 to udc-platform-releaseandroid-platform-14.0.0_r8android-platform-14.0.0_r7android-platform-14.0.0_r6android-platform-14.0.0_r5android-platform-14.0.0_r4android-platform-14.0.0_r3android-platform-14.0.0_r2android-platform-14.0.0_r1android14-platform-release
Change-Id: Icfd423c81b23bef3d1de2c02daa688935ea7f569
4 files changed, 40 insertions, 6 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java index ea5d91b..001ab89 100644 --- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java +++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java @@ -13,6 +13,7 @@ */ package android.keystore.cts.util; +import static org.junit.Assume.assumeTrue; import android.content.Context; import android.security.keystore.KeyProtection; import android.keystore.cts.util.TestUtils; @@ -53,6 +54,8 @@ public class KeyStoreUtil { public static final int KM_VERSION_KEYMASTER_4 = 40; public static final int KM_VERSION_KEYMASTER_4_1 = 41; public static final int KM_VERSION_KEYMINT_1 = 100; + public static final int KM_VERSION_KEYMINT_2 = 200; + public static final int KM_VERSION_KEYMINT_3 = 300; private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384", "sha-256","sha-512"); @@ -91,7 +94,11 @@ public class KeyStoreUtil { } } - public static int getFeatureVersionKeystore() { + public static int getFeatureVersionKeystore(boolean isStrongBox) { + if (isStrongBox) { + return TestUtils.getFeatureVersionKeystoreStrongBox( + ApplicationProvider.getApplicationContext()); + } return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext()); } @@ -173,4 +180,9 @@ public class KeyStoreUtil { new ByteArrayInputStream(x509holder.getEncoded())); return x509c; } + + public static void assumeKeyMintV1OrNewer(boolean isStrongBox) { + assumeTrue("Test can only run on KeyMint v1 and above", + KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KM_VERSION_KEYMINT_1); + } } diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java index 3a42761..81be1bd 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java @@ -332,6 +332,9 @@ public class MacTest { @Test public void testLongMacSha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA1", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", @@ -348,6 +351,8 @@ public class MacTest { @Test public void testLongMacSha256() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testLongMacSha256(false); } @Test @@ -375,6 +380,9 @@ public class MacTest { @Test public void testLongMacSha384() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA384", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" @@ -395,6 +403,9 @@ public class MacTest { @Test public void testLongMacSha512() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA512", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java index 5eb47e5..0a82423 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java @@ -192,14 +192,17 @@ public class RsaOaepTest { } protected static OAEPParameterSpec getOaepParameters(JsonObject group, - JsonObject test) throws Exception { + JsonObject test, boolean isStrongBox) throws Exception { String sha = getString(group, "sha"); String mgf = getString(group, "mgf"); String mgfSha = getString(group, "mgfSha"); - // mgfDigest other than SHA-1 are supported from KeyMint V1 and above. + // mgfDigest other than SHA-1 are supported from KeyMint V1 and above but some implementations + // of keymint V1 and V2 (notably the C++ reference implementation) does not include MGF_DIGEST + // tag in key characteriestics hence issue b/287532460 introduced. So non-default MGF_DIGEST is + // tested on Keymint V3 and above. if (!mgfSha.equalsIgnoreCase("SHA-1")) { - assumeTrue("This test is valid for KeyMint version 1 and above.", - KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1); + assumeTrue("This test is valid for KeyMint version 3 and above.", + KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_3); } PSource p = PSource.PSpecified.DEFAULT; if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) { @@ -305,7 +308,7 @@ public class RsaOaepTest { String messageHex = TestUtil.bytesToHex(getBytes(testcase, "msg")); OAEPParameterSpec params; try { - params = getOaepParameters(group, testcase); + params = getOaepParameters(group, testcase, isStrongBox); } catch (UnsupportedKeyParametersException e) { // TODO This try catch block should be removed once issue b/229183581 is fixed. continue; @@ -362,6 +365,8 @@ public class RsaOaepTest { @Test public void testRsaOaep2048Sha1Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_2048_sha1_mgf1sha1_test.json", false); } @@ -420,6 +425,8 @@ public class RsaOaepTest { @Test public void testRsaOaep3072Sha256Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_3072_sha256_mgf1sha1_test.json", false); } @@ -440,6 +447,8 @@ public class RsaOaepTest { @Test public void testRsaOaep4096Sha256Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_4096_sha256_mgf1sha1_test.json", false); } diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java index d41bb98..de86dc5 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java @@ -1265,6 +1265,8 @@ public class RsaSignatureTest { */ @Test public void testFaultySigner() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testFaultySigner(false); } @Test |