authorMax Bires <jbires@google.com>2022-03-22 23:43:41 -0700
committerMax Bires <jbires@google.com>2022-03-24 21:08:09 -0700
commit5569b04a43855707b9ff2586f3d6bedd375a9f03 (patch)
treede3b8d8657128cd8ac8623b08c0bb8c4768ab60f /tests/key_blob_test.cpp
parent00c493e49cce34dcb757f2eed28d736b2b45cb86 (diff)
Add version and impl info field to EncryptedKey
This change alters the EncryptedKey struct so that the KDF used to derive the key that wraps the EncryptedKey can be versioned. Additionally, it adds an addl_info field that lets the implementor attach any other information they would like to the key structure. Test: tbd Change-Id: I1a32556cdff371138118028772b773f5e9b22c61
Diffstat (limited to 'tests/key_blob_test.cpp')
-rw-r--r--tests/key_blob_test.cpp44
1 files changed, 35 insertions, 9 deletions
diff --git a/tests/key_blob_test.cpp b/tests/key_blob_test.cpp
index b8ec193..f50d4fe 100644
--- a/tests/key_blob_test.cpp
+++ b/tests/key_blob_test.cpp
@@ -138,7 +138,8 @@ TEST_P(KeyBlobTest, EncryptDecrypt) {
ASSERT_TRUE(deserialized.isOk());
EXPECT_EQ(hw_enforced_, deserialized->hw_enforced);
EXPECT_EQ(sw_enforced_, deserialized->sw_enforced);
- if (GetParam() == AES_GCM_WITH_SECURE_DELETION) {
+ if (GetParam() == AES_GCM_WITH_SECURE_DELETION ||
+ GetParam() == AES_GCM_WITH_SECURE_DELETION_VERSIONED) {
EXPECT_EQ(key_slot, deserialized->key_slot);
} else {
EXPECT_EQ(0U, deserialized->key_slot);
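Review bot: The round-trip checks in EncryptDecrypt still compare only hw_enforced, sw_enforced and key_slot; for the two `_VERSIONED` formats nothing in this hunk asserts that the KDF version or addl_info the commit adds to EncryptedKey come back unchanged after deserialization. After the key_slot branch I would add one expectation per new field, e.g. `EXPECT_EQ(<expected KDF version>, deserialized-><version field>);` (placeholders, since the field names are not visible here). If those fields are meant to be bound to the wrapping key or the GCM tag, a negative case that expects `KM_ERROR_INVALID_KEY_BLOB` when they differ from what was encrypted, in the style of the Wrong* tests in SecureDeletionTest, would pin that a versioned blob is not accepted under another version. The test body starts and ends outside the hunk, so such checks may already exist out of view.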
@@ -379,7 +380,9 @@ TEST_P(KeyBlobTest, DupBufferToolarge) {
INSTANTIATE_TEST_SUITE_P(AllFormats, KeyBlobTest,
::testing::Values(AES_OCB, AES_GCM_WITH_SW_ENFORCED,
- AES_GCM_WITH_SECURE_DELETION),
+ AES_GCM_WITH_SECURE_DELETION,
+ AES_GCM_WITH_SW_ENFORCED_VERSIONED,
+ AES_GCM_WITH_SECURE_DELETION_VERSIONED),
[](const ::testing::TestParamInfo<KeyBlobTest::ParamType>& info) {
switch (info.param) {
case AES_OCB:
@@ -388,16 +391,39 @@ INSTANTIATE_TEST_SUITE_P(AllFormats, KeyBlobTest,
return "AES_GCM_WITH_SW_ENFORCED";
case AES_GCM_WITH_SECURE_DELETION:
return "AES_GCM_WITH_SECURE_DELETION";
+ case AES_GCM_WITH_SW_ENFORCED_VERSIONED:
+ return "AES_GCM_WITH_SW_ENFORCED_VERSIONED";
+ case AES_GCM_WITH_SECURE_DELETION_VERSIONED:
+ return "AES_GCM_WITH_SECURE_DELETION_VERSIONED";
}
CHECK(false) << "Shouldn't be able to get here";
return "Unexpected";
});
-// Tests that only apply to AES_GCM_WITH_SECURE_DELETION; we don't parameterize these.
using SecureDeletionTest = KeyBlobTest;
-TEST_F(SecureDeletionTest, WrongFactoryResetSecret) {
- ASSERT_EQ(KM_ERROR_OK, Encrypt(AES_GCM_WITH_SECURE_DELETION));
+INSTANTIATE_TEST_SUITE_P(SecureDeletionFormats, SecureDeletionTest,
+ ::testing::Values(AES_GCM_WITH_SECURE_DELETION,
+ AES_GCM_WITH_SECURE_DELETION_VERSIONED),
+ [](const ::testing::TestParamInfo<KeyBlobTest::ParamType>& info) {
+ switch (info.param) {
+ case AES_OCB:
+ return "AES_OCB";
+ case AES_GCM_WITH_SW_ENFORCED:
+ return "AES_GCM_WITH_SW_ENFORCED";
+ case AES_GCM_WITH_SECURE_DELETION:
+ return "AES_GCM_WITH_SECURE_DELETION";
+ case AES_GCM_WITH_SW_ENFORCED_VERSIONED:
+ return "AES_GCM_WITH_SW_ENFORCED_VERSIONED";
+ case AES_GCM_WITH_SECURE_DELETION_VERSIONED:
+ return "AES_GCM_WITH_SECURE_DELETION_VERSIONED";
+ }
+ CHECK(false) << "Shouldn't be able to get here";
+ return "Unexpected";
+ });
+
+TEST_P(SecureDeletionTest, WrongFactoryResetSecret) {
+ ASSERT_EQ(KM_ERROR_OK, Encrypt(GetParam()));
ASSERT_EQ(KM_ERROR_OK, Serialize());
SecureDeletionData wrong_secure_deletion(std::move(secure_deletion_data_));
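Review bot: The name-generator lambda passed to `SecureDeletionFormats` is a verbatim copy of the one on `AllFormats`, so every future key format has to be added to two switches, and the copy carries cases (`AES_OCB` and the two `SW_ENFORCED` formats) that this instantiation never produces. I would move the switch into one named helper and pass it to both instantiations, as sketched below. The comment removed above `using SecureDeletionTest = KeyBlobTest;` also deserves a replacement, e.g. `// Tests that only apply to the secure-deletion formats; run once per such format.` The first lambda starts in the previous hunk, and WrongFactoryResetSecret continues past the end of this one.

```cpp
// Maps a key format to its test-name suffix; shared by every instantiation in this file.
static std::string FormatName(const ::testing::TestParamInfo<KeyBlobTest::ParamType>& info) {
    switch (info.param) {
    // … unchanged: one case per format, as in the AllFormats lambda …
    }
    CHECK(false) << "Shouldn't be able to get here";
    return "Unexpected";
}

INSTANTIATE_TEST_SUITE_P(AllFormats, KeyBlobTest,
                         // … unchanged: ::testing::Values(...) with all five formats …
                         FormatName);

INSTANTIATE_TEST_SUITE_P(SecureDeletionFormats, SecureDeletionTest,
                         ::testing::Values(AES_GCM_WITH_SECURE_DELETION,
                                           AES_GCM_WITH_SECURE_DELETION_VERSIONED),
                         FormatName);
```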
@@ -410,8 +436,8 @@ TEST_F(SecureDeletionTest, WrongFactoryResetSecret) {
EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, result.error());
}
-TEST_F(SecureDeletionTest, WrongSecureDeletionSecret) {
- ASSERT_EQ(KM_ERROR_OK, Encrypt(AES_GCM_WITH_SECURE_DELETION));
+TEST_P(SecureDeletionTest, WrongSecureDeletionSecret) {
+ ASSERT_EQ(KM_ERROR_OK, Encrypt(GetParam()));
ASSERT_EQ(KM_ERROR_OK, Serialize());
SecureDeletionData wrong_secure_deletion(std::move(secure_deletion_data_));
@@ -424,8 +450,8 @@ TEST_F(SecureDeletionTest, WrongSecureDeletionSecret) {
EXPECT_EQ(KM_ERROR_INVALID_KEY_BLOB, result.error());
}
-TEST_F(SecureDeletionTest, WrongSecureDeletionKeySlot) {
- ASSERT_EQ(KM_ERROR_OK, Encrypt(AES_GCM_WITH_SECURE_DELETION));
+TEST_P(SecureDeletionTest, WrongSecureDeletionKeySlot) {
+ ASSERT_EQ(KM_ERROR_OK, Encrypt(GetParam()));
ASSERT_EQ(KM_ERROR_OK, Serialize());
SecureDeletionData wrong_secure_deletion(std::move(secure_deletion_data_));