Snap for 10573380 from c3e87764ba8176d3eaec4dd7ab44ccc718f86cb5 to udc-d1-releaseandroid-14.0.0_r9 android-14.0.0_r8 android-14.0.0_r7 android-14.0.0_r6 android-14.0.0_r5 android-14.0.0_r4 android-14.0.0_r3 android-14.0.0_r12 android-14.0.0_r11 android-14.0.0_r10 android14-d1-s7-release android14-d1-s6-release android14-d1-s5-release android14-d1-s4-release android14-d1-s3-release android14-d1-s2-release android14-d1-s1-release android14-d1-release

Change-Id: If0544dbf83a42c049f285e6eb9d3fa2371388bcb
author: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-07-27 23:15:08 +0000
committer: Android Build Coastguard Worker <android-build-coastguard-worker@google.com> 2023-07-27 23:15:08 +0000
commit: 6ae324a171e861d76a5824a62913134c9d770756 (patch)
tree: cec47ead12e435072cce20bebcaeddd793f07c43
parent: 40168fca1c016c94464144841ab8476f89dd49b2 (diff)
parent: c3e87764ba8176d3eaec4dd7ab44ccc718f86cb5 (diff)
download: wycheproof-android14-d1-s1-release.tar.gz
4 files changed, 33 insertions, 3 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index 14020e0..001ab89 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -13,6 +13,7 @@
  */
 package android.keystore.cts.util;
 
+import static org.junit.Assume.assumeTrue;
 import android.content.Context;
 import android.security.keystore.KeyProtection;
 import android.keystore.cts.util.TestUtils;
@@ -53,6 +54,8 @@ public class KeyStoreUtil {
     public static final int KM_VERSION_KEYMASTER_4 = 40;
     public static final int KM_VERSION_KEYMASTER_4_1 = 41;
     public static final int KM_VERSION_KEYMINT_1 = 100;
+    public static final int KM_VERSION_KEYMINT_2 = 200;
+    public static final int KM_VERSION_KEYMINT_3 = 300;
 
     private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
                                                         "sha-256","sha-512");
@@ -177,4 +180,9 @@ public class KeyStoreUtil {
                                 new ByteArrayInputStream(x509holder.getEncoded()));
         return x509c;
     }
+
+    public static void assumeKeyMintV1OrNewer(boolean isStrongBox) {
+        assumeTrue("Test can only run on KeyMint v1 and above",
+            KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KM_VERSION_KEYMINT_1);
+    }
 }
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
index 3a42761..81be1bd 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java
@@ -332,6 +332,9 @@ public class MacTest {
 
   @Test
   public void testLongMacSha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA1",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f",
@@ -348,6 +351,8 @@ public class MacTest {
 
   @Test
   public void testLongMacSha256() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
     testLongMacSha256(false);
   }
   @Test
@@ -375,6 +380,9 @@ public class MacTest {
 
   @Test
   public void testLongMacSha384() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA384",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
@@ -395,6 +403,9 @@ public class MacTest {
 
   @Test
   public void testLongMacSha512() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
+
     testLongMac(
         "HMACSHA512",
         "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index 29f8905..0a82423 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -196,10 +196,13 @@ public class RsaOaepTest {
     String sha = getString(group, "sha");
     String mgf = getString(group, "mgf");
     String mgfSha = getString(group, "mgfSha");
-    // mgfDigest other than SHA-1 are supported from KeyMint V1 and above.
+    // mgfDigest other than SHA-1 are supported from KeyMint V1 and above but some implementations
+    // of keymint V1 and V2 (notably the C++ reference implementation) does not include MGF_DIGEST
+    // tag in key characteriestics hence issue b/287532460 introduced. So non-default MGF_DIGEST is
+    // tested on Keymint V3 and above.
     if (!mgfSha.equalsIgnoreCase("SHA-1")) {
-      assumeTrue("This test is valid for KeyMint version 1 and above.",
-          KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
+      assumeTrue("This test is valid for KeyMint version 3 and above.",
+          KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_3);
     }
     PSource p = PSource.PSpecified.DEFAULT;
     if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) {
@@ -362,6 +365,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep2048Sha1Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_2048_sha1_mgf1sha1_test.json", false);
   }
 
@@ -420,6 +425,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep3072Sha256Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_3072_sha256_mgf1sha1_test.json", false);
   }
 
@@ -440,6 +447,8 @@ public class RsaOaepTest {
 
   @Test
   public void testRsaOaep4096Sha256Mgf1Sha1() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
    testOaep("rsa_oaep_4096_sha256_mgf1sha1_test.json", false);
   }
 
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
index d41bb98..de86dc5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java
@@ -1265,6 +1265,8 @@ public class RsaSignatureTest {
    */
   @Test
   public void testFaultySigner() throws Exception {
+    // b/244609904#comment64
+    KeyStoreUtil.assumeKeyMintV1OrNewer(false);
     testFaultySigner(false);
   }
   @Test
author	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-07-27 23:15:08 +0000
committer	Android Build Coastguard Worker <android-build-coastguard-worker@google.com>	2023-07-27 23:15:08 +0000
commit	6ae324a171e861d76a5824a62913134c9d770756 (patch)
tree	cec47ead12e435072cce20bebcaeddd793f07c43
parent	40168fca1c016c94464144841ab8476f89dd49b2 (diff)
parent	c3e87764ba8176d3eaec4dd7ab44ccc718f86cb5 (diff)
download	wycheproof-android14-d1-s1-release.tar.gz