Make HMAC operations use MAC length specified at operation time.
MAC length is no longer associated with a key, but specified for each
operation.
Bug: 19991862
Change-Id: I2c4389a0ab8b68b6f3a9464063d4422caa81d9b7
diff --git a/google_keymaster_test_utils.cpp b/google_keymaster_test_utils.cpp
index e66bff0..f61fde4 100644
--- a/google_keymaster_test_utils.cpp
+++ b/google_keymaster_test_utils.cpp
@@ -220,18 +220,12 @@
keymaster_error_t Keymaster1Test::BeginOperation(keymaster_purpose_t purpose,
const AuthorizationSet& input_set,
- AuthorizationSet* output_set,
- bool use_client_params) {
- AuthorizationSet additional_params;
- if (use_client_params)
- additional_params.push_back(AuthorizationSet(client_params_, array_length(client_params_)));
- additional_params.push_back(input_set);
-
+ AuthorizationSet* output_set) {
keymaster_key_param_t* out_params;
size_t out_params_count;
keymaster_error_t error =
- device()->begin(device(), purpose, &blob_, additional_params.data(),
- additional_params.size(), &out_params, &out_params_count, &op_handle_);
+ device()->begin(device(), purpose, &blob_, input_set.data(), input_set.size(), &out_params,
+ &out_params_count, &op_handle_);
if (error == KM_ERROR_OK) {
if (output_set) {
output_set->Reinitialize(out_params, out_params_count);
@@ -306,8 +300,9 @@
string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
bool use_client_params) {
AuthorizationSet input_params;
- EXPECT_EQ(KM_ERROR_OK,
- BeginOperation(purpose, input_params, NULL /* output_params */, use_client_params));
+ if (use_client_params)
+ input_params.push_back(AuthorizationSet(client_params_, array_length(client_params_)));
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
string result;
size_t input_consumed;
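Review bot: The guarded `input_params.push_back(AuthorizationSet(client_params_, array_length(client_params_)));` added here is repeated verbatim in the signature-taking ProcessMessage overload in the next hunk, and the same set is built a third time in MacMessage. The EncryptMessage and DecryptMessage hunks use `client_params()` instead. If that accessor returns the same set (it appears to, but its definition is not on this page), `if (use_client_params) input_params.push_back(client_params());` would keep a single source for the client parameters. Both ProcessMessage bodies continue outside their hunks.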
@@ -334,8 +329,9 @@
string Keymaster1Test::ProcessMessage(keymaster_purpose_t purpose, const string& message,
const string& signature, bool use_client_params) {
AuthorizationSet input_params;
- EXPECT_EQ(KM_ERROR_OK,
- BeginOperation(purpose, input_params, NULL /* output_params */, use_client_params));
+ if (use_client_params)
+ input_params.push_back(AuthorizationSet(client_params_, array_length(client_params_)));
+ EXPECT_EQ(KM_ERROR_OK, BeginOperation(purpose, input_params, NULL /* output_params */));
string result;
size_t input_consumed;
@@ -351,6 +347,17 @@
EXPECT_GT(signature->size(), 0U);
}
+void Keymaster1Test::MacMessage(const string& message, string* signature, size_t mac_length) {
+ SCOPED_TRACE("SignMessage");
+ AuthorizationSet input_params(AuthorizationSet(client_params_, array_length(client_params_)));
+ input_params.push_back(TAG_MAC_LENGTH, mac_length);
+ AuthorizationSet update_params;
+ AuthorizationSet output_params;
+ *signature =
+ ProcessMessage(KM_PURPOSE_SIGN, message, input_params, update_params, &output_params);
+ EXPECT_GT(signature->size(), 0U);
+}
+
void Keymaster1Test::VerifyMessage(const string& message, const string& signature,
bool use_client_params) {
SCOPED_TRACE("VerifyMessage");
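Review bot: MacMessage only asserts `EXPECT_GT(signature->size(), 0U)`, so a device that ignores the requested TAG_MAC_LENGTH and returns a full-length or differently truncated tag still passes this helper. Now that the length is chosen per operation, add `EXPECT_EQ(mac_length, signature->size());`, assuming the tag value is in bytes as the `expected_mac.size()` argument in CheckHmacTestVector suggests. The trace label is copied from SignMessage, so `SCOPED_TRACE("MacMessage");` would make failures attributable to this helper. `output_params` is passed to ProcessMessage but never inspected afterwards.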
@@ -365,7 +372,7 @@
string Keymaster1Test::EncryptMessage(const AuthorizationSet& update_params, const string& message,
string* generated_nonce) {
SCOPED_TRACE("EncryptMessage");
- AuthorizationSet begin_params, output_params;
+ AuthorizationSet begin_params(client_params()), output_params;
string ciphertext =
ProcessMessage(KM_PURPOSE_ENCRYPT, message, begin_params, update_params, &output_params);
if (generated_nonce) {
@@ -400,7 +407,7 @@
string Keymaster1Test::DecryptMessage(const AuthorizationSet& update_params,
const string& ciphertext, const string& nonce) {
SCOPED_TRACE("DecryptMessage");
- AuthorizationSet begin_params;
+ AuthorizationSet begin_params(client_params());
begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
return ProcessMessage(KM_PURPOSE_DECRYPT, ciphertext, begin_params, update_params);
}
@@ -436,13 +443,11 @@
void Keymaster1Test::CheckHmacTestVector(string key, string message, keymaster_digest_t digest,
string expected_mac) {
- ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder()
- .HmacKey(key.size() * 8)
- .Digest(digest)
- .Authorization(TAG_MAC_LENGTH, expected_mac.size()),
- KM_KEY_FORMAT_RAW, key));
+ ASSERT_EQ(KM_ERROR_OK,
+ ImportKey(AuthorizationSetBuilder().HmacKey(key.size() * 8).Digest(digest),
+ KM_KEY_FORMAT_RAW, key));
string signature;
- SignMessage(message, &signature);
+ MacMessage(message, &signature, expected_mac.size());
EXPECT_EQ(expected_mac, signature) << "Test vector didn't match for digest " << (int)digest;
}
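Review bot: With `.Authorization(TAG_MAC_LENGTH, ...)` dropped from the imported key, nothing visible in this hunk bounds the tag length a caller may request, and the test exercises only the length equal to the expected MAC. A comment above the ImportKey call, such as `// MAC length is supplied per operation via MacMessage(); the key carries no length restriction.`, would record that design choice. A companion test that requests a zero or larger-than-digest length and expects the operation to be rejected would cover the new per-operation input. Whether the implementation rejects those values is not shown on this page.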
@@ -455,7 +460,7 @@
.Authorization(TAG_CALLER_NONCE),
KM_KEY_FORMAT_RAW, key));
- AuthorizationSet begin_params, update_params, output_params;
+ AuthorizationSet begin_params(client_params()), update_params, output_params;
begin_params.push_back(TAG_NONCE, nonce.data(), nonce.size());
string ciphertext =
EncryptMessageWithParams(message, begin_params, update_params, &output_params);