From 0c7b5dcc1331a5ddf47613ae3c4983b06185a4dc Mon Sep 17 00:00:00 2001
From: Prashant Patil
Date: Tue, 11 Oct 2022 14:38:02 +0000
Subject: Keystore:Assuming KeyMint version 1 and above

As PURPOSE_AGREE_KEY is included from KeyMint version 1, ECDH key importing is failed for KeyMaster implementation of bramble. Hence, all test from JsonEcdhTest class are excluded for older version than KeyMint 1 till this key import is supported by software emulation.

Bug: 251842423, 216434270
Test: atest CtsKeystoreWycheproofTestCases:com.google.security.wycheproof.JsonEcdhTest
Change-Id: I35ff119b6a795d76803e87d25864988d9fc54e06
---
 .../java/android/keystore/cts/util/KeyStoreUtil.java | 6 ++++++
 .../google/security/wycheproof/testcases/JsonEcdhTest.java | 12 ++++++++++++
 2 files changed, 18 insertions(+)

diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index 8bb774e..c2fee69 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -14,6 +14,8 @@
 package android.keystore.cts.util;
 import android.security.keystore.KeyProtection;
+import android.keystore.cts.util.TestUtils;
+import androidx.test.core.app.ApplicationProvider;
 import org.bouncycastle.asn1.x500.X500Name;
 import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
 import org.bouncycastle.cert.X509CertificateHolder;
@@ -84,6 +86,10 @@ public class KeyStoreUtil {
 }
 }
+ public static int getFeatureVersionKeystore() {
+ return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext());
+ }
+
 public static X509Certificate createCertificate(
 KeyPair keyPair, X500Principal subject, X500Principal issuer)
 throws OperatorCreationException, CertificateException, IOException {
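Review bot: The added `import android.keystore.cts.util.TestUtils;` is redundant, because this file itself declares `package android.keystore.cts.util;` and same-package classes need no import; it can be dropped. In the second hunk the new public `getFeatureVersionKeystore()` has no Javadoc, and I would add `/** Returns the Keystore feature version that TestUtils reports for the application context from ApplicationProvider. */` so callers know which value they are comparing against `KeyStoreUtil.KM_VERSION_KEYMINT_1`. The helper also ties this utility class to `ApplicationProvider`, so it only works where an application context has been registered (presumably always the case for these instrumented tests, but worth stating in the Javadoc).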
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/JsonEcdhTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/JsonEcdhTest.java
index d790add..3f0e6b8 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/JsonEcdhTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/JsonEcdhTest.java
@@ -14,6 +14,7 @@
 package com.google.security.wycheproof;
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assume.assumeTrue;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
@@ -29,6 +30,7 @@ import java.security.spec.InvalidKeySpecException;
 import java.security.spec.X509EncodedKeySpec;
 import javax.crypto.KeyAgreement;
 import org.junit.After;
+import org.junit.Before;
 import org.junit.Test;
 import org.junit.Ignore;
 import android.security.keystore.KeyProtection;
@@ -47,6 +49,16 @@ public class JsonEcdhTest {
 KeyStoreUtil.cleanUpKeyStore();
 }
+ @Before
+ public void setup() {
+ // In this test class ECDH keys are imported for key agreement (PURPOSE_AGREE_KEY).
+ // KeyMaster could support this key import through software emulation,
+ // but currently it is missing (b/216434270). Hence, this assumption is added till ECDH
+ // key import software emulation is not implemented.
+ assumeTrue("PURPOSE_AGREE_KEY is supported in KeyMint version 1 and above.",
+ KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1);
+ }
+
 /** Convenience mehtod to get a String from a JsonObject */
 protected static String getString(JsonObject object, String name) throws Exception {
 return object.get(name).getAsString();
-- 
cgit v1.2.3
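Review bot: The assumption in `setup()` runs before every test, so on a device below KeyMint 1 the whole ECDH vector class is reported as skipped, and the message `"PURPOSE_AGREE_KEY is supported in KeyMint version 1 and above."` neither says that nor names the tracking bug. I would make the skip reason explicit, e.g. `assumeTrue("Skipped below KeyMint 1: ECDH key import for PURPOSE_AGREE_KEY is not emulated (b/216434270)",`, so the coverage gap on KeyMaster devices stays visible in test results. The last comment sentence reads as a double negative; `// Skip until software emulation of ECDH key import is implemented.` says what is meant. `KeyStoreUtil.KM_VERSION_KEYMINT_1` is not added by this patch, so it is presumably already defined in KeyStoreUtil; worth confirming it is on the same scale as the value `getFeatureVersionKeystore()` returns.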