diff options
author | Rajesh Nyamagoud <nyamagoud@google.com> | 2022-02-03 01:15:34 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2022-08-31 18:22:08 +0000 |
commit | 4c6193c217b88777a85191e8b5d099e017591dfe (patch) | |
tree | 784623c2f446aa586bff0d61de25a35985c5bc9f /keystore2/test_utils | |
parent | 6ec53e3489dc7a24b72c5fadeaad60a6c04610d4 (diff) | |
download | security-4c6193c217b88777a85191e8b5d099e017591dfe.tar.gz |
Added HMAC key generation tests.
- Generate HMAC keys with digest modes [SHA1, SHA_2_224, SHA_2_256,
SHA_2_384, SHA_2_512], should be able to create operations using
generated keys successfully.
- Try to generate HAMC keys with key size in the range 0..513. For
invalid key size, key generation should fail with an error code
`UNSUPPORTED_KEY_SIZE`.
- Generate HMAC keys with min-mac-lengths in the range 0..257. For
invalid min-mac-length, key generation should fail with an error
code `UNSUPPORTED_MIN_MAC_LENGTH`.
- Try to generate HMAC key with multiple digest modes, key generation
should fail with an error code `UNSUPPORTED_DIGEST`.
- Try to generate HMAC key without providing digest mode, key
generation should fail with an error code `UNSUPPORTED_DIGEST`.
- Try to generate HMAC key with digest mode `NONE`, key
generation should fail with an error code `UNSUPPORTED_DIGEST`.
- Generate HMAC key with min-mac-length of 128 bits and digests
[SHA1, SHA-2-224], try to create operations with mac-len greater than
digest lengths. Test should fail to create an operation with an error
code `UNSUPPORTED_MAC_LENGTH`.
- Generate HMAC key with min-mac-length of 128 bits and digests
[SHA1, SHA-2-224], try to create operations with mac-len less than
min-mac-length. Test should fail to create an operation with an error
code `INVALID_MAC_LENGTH`.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I594c9718b0f6a67f2655faca4bf100abf2ced3a3
Diffstat (limited to 'keystore2/test_utils')
-rw-r--r-- | keystore2/test_utils/key_generations.rs | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs index c25d9280..17d89146 100644 --- a/keystore2/test_utils/key_generations.rs +++ b/keystore2/test_utils/key_generations.rs @@ -297,3 +297,42 @@ pub fn generate_sym_key( assert!(key_metadata.certificateChain.is_none()); Ok(key_metadata) } + +/// Generate HMAC key. +pub fn generate_hmac_key( + sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>, + alias: &str, + key_size: i32, + min_mac_len: i32, + digest: Digest, +) -> binder::Result<KeyMetadata> { + let gen_params = AuthSetBuilder::new() + .no_auth_required() + .algorithm(Algorithm::HMAC) + .purpose(KeyPurpose::SIGN) + .purpose(KeyPurpose::VERIFY) + .key_size(key_size) + .min_mac_length(min_mac_len) + .digest(digest); + + let key_metadata = sec_level.generateKey( + &KeyDescriptor { + domain: Domain::APP, + nspace: -1, + alias: Some(alias.to_string()), + blob: None, + }, + None, + &gen_params, + 0, + b"entropy", + )?; + + // Should not have public certificate. + assert!(key_metadata.certificate.is_none()); + + // Should not have an attestation record. + assert!(key_metadata.certificateChain.is_none()); + + Ok(key_metadata) +} |