diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-05 04:43:21 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-09-05 04:43:21 +0000 |
| commit | 5898c1d28a16b485d7b00052db2afa0efcdc15d8 (patch) | |
| tree | e3eda8a27c15d50826634228f7a53ca776e6d82c | |
| parent | 82921e69666c15c80bc7e0f895fc9995ad0b8fa4 (diff) | |
| parent | 5eee5ef21fee5c8ae1b2ba4494ce63162ed3ad09 (diff) | |
| download | wycheproof-android14-mainline-appsearch-release.tar.gz | |
Snap for 10760240 from 5eee5ef21fee5c8ae1b2ba4494ce63162ed3ad09 to mainline-appsearch-releaseaml_ase_341510000aml_ase_341410000aml_ase_341310010aml_ase_341113000android14-mainline-appsearch-release
Change-Id: If4aa27eeaf1ddeec22b4132df525225490bca274
4 files changed, 73 insertions, 13 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java index 14020e0..001ab89 100644 --- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java +++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java @@ -13,6 +13,7 @@ */ package android.keystore.cts.util; +import static org.junit.Assume.assumeTrue; import android.content.Context; import android.security.keystore.KeyProtection; import android.keystore.cts.util.TestUtils; @@ -53,6 +54,8 @@ public class KeyStoreUtil { public static final int KM_VERSION_KEYMASTER_4 = 40; public static final int KM_VERSION_KEYMASTER_4_1 = 41; public static final int KM_VERSION_KEYMINT_1 = 100; + public static final int KM_VERSION_KEYMINT_2 = 200; + public static final int KM_VERSION_KEYMINT_3 = 300; private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384", "sha-256","sha-512"); @@ -177,4 +180,9 @@ public class KeyStoreUtil { new ByteArrayInputStream(x509holder.getEncoded())); return x509c; } + + public static void assumeKeyMintV1OrNewer(boolean isStrongBox) { + assumeTrue("Test can only run on KeyMint v1 and above", + KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KM_VERSION_KEYMINT_1); + } } diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java index 3a42761..5e02de9 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/MacTest.java @@ -209,16 +209,25 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/296367623 + @Ignore public void testHmacSha1() throws Exception { testMac("HMACSHA1", 20); } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/296367623 + @Ignore public void testHmacSha224() throws Exception { testMac("HMACSHA224", 28); } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/296367623 + @Ignore public void testHmacSha256() throws Exception { testMac("HMACSHA256", 32); } @@ -231,11 +240,17 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/296367623 + @Ignore public void testHmacSha384() throws Exception { testMac("HMACSHA384", 48); } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/296367623 + @Ignore public void testHmacSha512() throws Exception { testMac("HMACSHA512", 64); } @@ -331,7 +346,13 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/288588810#comment27 + @Ignore public void testLongMacSha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA1", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f", @@ -347,7 +368,12 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/288588810#comment27 + @Ignore public void testLongMacSha256() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testLongMacSha256(false); } @Test @@ -374,7 +400,13 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/288588810#comment27 + @Ignore public void testLongMacSha384() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA384", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" @@ -394,7 +426,13 @@ public class MacTest { } @Test + // Long-running MAC tests expose inefficiencies on some devices. Ignore the test until + // performance requirements can be defined. See http://b/288588810#comment27 + @Ignore public void testLongMacSha512() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); + testLongMac( "HMACSHA512", "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f" diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java index 29f8905..9c2cbf5 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java @@ -60,17 +60,20 @@ public class RsaOaepTest { private static PrivateKey saveKeyPairToKeystoreAndReturnPrivateKey(PublicKey pubKey, PrivateKey privKey, String digest, String mgfDigest, boolean isStrongBox) throws Exception { + KeyProtection.Builder keyProtection = new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN | + KeyProperties.PURPOSE_VERIFY | + KeyProperties.PURPOSE_ENCRYPT | + KeyProperties.PURPOSE_DECRYPT) + .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, + KeyProperties.ENCRYPTION_PADDING_RSA_OAEP) + .setIsStrongBoxBacked(isStrongBox); + if (digest.equalsIgnoreCase(mgfDigest)) { + keyProtection.setDigests(digest); + } else { + keyProtection.setDigests(digest, mgfDigest); + } return (PrivateKey) KeyStoreUtil.saveKeysToKeystore(KEY_ALIAS_1, pubKey, privKey, - new KeyProtection.Builder(KeyProperties.PURPOSE_SIGN | - KeyProperties.PURPOSE_VERIFY | - KeyProperties.PURPOSE_ENCRYPT | - KeyProperties.PURPOSE_DECRYPT) - .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1, - KeyProperties.ENCRYPTION_PADDING_RSA_OAEP) - .setDigests(digest, mgfDigest) - .setIsStrongBoxBacked(isStrongBox) - .build()) - .getKey(KEY_ALIAS_1, null); + keyProtection.build()).getKey(KEY_ALIAS_1, null); } /** @@ -196,10 +199,13 @@ public class RsaOaepTest { String sha = getString(group, "sha"); String mgf = getString(group, "mgf"); String mgfSha = getString(group, "mgfSha"); - // mgfDigest other than SHA-1 are supported from KeyMint V1 and above. + // mgfDigest other than SHA-1 are supported from KeyMint V1 and above but some implementations + // of keymint V1 and V2 (notably the C++ reference implementation) does not include MGF_DIGEST + // tag in key characteriestics hence issue b/287532460 introduced. So non-default MGF_DIGEST is + // tested on Keymint V3 and above. if (!mgfSha.equalsIgnoreCase("SHA-1")) { - assumeTrue("This test is valid for KeyMint version 1 and above.", - KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_1); + assumeTrue("This test is valid for KeyMint version 3 and above.", + KeyStoreUtil.getFeatureVersionKeystore(isStrongBox) >= KeyStoreUtil.KM_VERSION_KEYMINT_3); } PSource p = PSource.PSpecified.DEFAULT; if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) { @@ -362,6 +368,8 @@ public class RsaOaepTest { @Test public void testRsaOaep2048Sha1Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_2048_sha1_mgf1sha1_test.json", false); } @@ -420,6 +428,8 @@ public class RsaOaepTest { @Test public void testRsaOaep3072Sha256Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_3072_sha256_mgf1sha1_test.json", false); } @@ -440,6 +450,8 @@ public class RsaOaepTest { @Test public void testRsaOaep4096Sha256Mgf1Sha1() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testOaep("rsa_oaep_4096_sha256_mgf1sha1_test.json", false); } diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java index d41bb98..de86dc5 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaSignatureTest.java @@ -1265,6 +1265,8 @@ public class RsaSignatureTest { */ @Test public void testFaultySigner() throws Exception { + // b/244609904#comment64 + KeyStoreUtil.assumeKeyMintV1OrNewer(false); testFaultySigner(false); } @Test |