diff options
author | Rajesh Nyamagoud <nyamagoud@google.com> | 2023-04-07 02:47:27 +0000 |
---|---|---|
committer | Rajesh Nyamagoud <nyamagoud@google.com> | 2023-05-09 17:54:45 +0000 |
commit | 6a82349afb23106b67a72a05596911358698f92f (patch) | |
tree | 01c2c4bcebddf866f948e677591e84f4e8b6446d /keystore2/test_utils | |
parent | 4b7b5986f66ec57bc6acd07d99a1d484f4a7426e (diff) | |
download | security-6a82349afb23106b67a72a05596911358698f92f.tar.gz |
Adding tests to verify `getNumberOfEntries` and `listEntriesBatched`.
1. Try to list large number of aliases such that aliases list would
exceed the binder transaction size limit. Test should successfully
list the aliases using `listEntriesBatched` API.
2. Import keys from multiple processes having same user context. Try to
list the aliases in all the processes with and without providing
`startingPastAlias`. Test should list aliases using
`listEntriesBatched` in all the processes using any of the alias as
`startingPastAlias` and match with expected list of aliases. Test
should also list all the aliases without providing
`startingPastAlias`.
3. Try to list aliases with empty keystore using `listEntriesBatched`
API. Test should successfully query the Keystore for aliases and
vrify that keystore is empty.
4. Test to list aliases using domain as SELINUX using
`listEntriesBatched` API.
5. Import multiple number of keys in an app context and try to list the
aliases using imported keys aliases as `startingPastAlias` and verify
the retrived the list of aliases matches the expected list of alises
in all the cases.
6. Try to list the key entries with domain SELINUX from user context
where user doesn't possesses `GET_INFO` permission for specified
namespace. Test should fail to list key entries with error response
code `PERMISSION_DENIED`.
7. Try to list key entries with domain BLOB. Test should fail with error
response code `INVALID_ARGUMENT`.
8. Try to get the total number of keystore entries with domain SELINUX
from user context where user doesn't possesses `GET_INFO` permission
for specified namespace. Test should fail to get the count with
error response code `PERMISSION_DENIED`.
9. Try to get the count of total number of entries in keystore with
domain BLOB. Test should fail with error response code
`INVALID_ARGUMENT`.
Bug: 194359114
Test: atest keystore2_client_test
Change-Id: I7dd52230cd602a1ae33e3f9f2a22d2dd2c447df7
Diffstat (limited to 'keystore2/test_utils')
-rw-r--r-- | keystore2/test_utils/key_generations.rs | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/keystore2/test_utils/key_generations.rs b/keystore2/test_utils/key_generations.rs index e4c4968f..02384d91 100644 --- a/keystore2/test_utils/key_generations.rs +++ b/keystore2/test_utils/key_generations.rs @@ -16,6 +16,10 @@ use anyhow::Result; +use core::ops::Range; +use std::collections::HashSet; +use std::fmt::Write; + use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ Algorithm::Algorithm, BlockMode::BlockMode, Digest::Digest, EcCurve::EcCurve, ErrorCode::ErrorCode, HardwareAuthenticatorType::HardwareAuthenticatorType, @@ -1082,3 +1086,23 @@ pub fn generate_ec_agree_key( Err(e) => Err(e), } } + +/// Helper method to import AES keys `total_count` of times. +pub fn import_aes_keys( + sec_level: &binder::Strong<dyn IKeystoreSecurityLevel>, + alias_prefix: String, + total_count: Range<i32>, +) -> binder::Result<HashSet<String>> { + let mut imported_key_aliases = HashSet::new(); + + // Import Total number of keys with given alias prefix. + for count in total_count { + let mut alias = String::new(); + write!(alias, "{}_{}", alias_prefix, count).unwrap(); + imported_key_aliases.insert(alias.clone()); + + import_aes_key(sec_level, Domain::APP, -1, Some(alias))?; + } + + Ok(imported_key_aliases) +} |