commit 498e0aa0e02fba5cacf1f9ba012b3f406e1f4e25
author Shawn Willden <swillden@google.com> Wed Mar 04 15:35:45 2015 -0700
committer Shawn Willden <swillden@google.com> Wed Mar 04 15:42:48 2015 -0700
tree e6a78597be3c8e254b9904891bf5e6c0bd4c3ece
parent 7dad93b6552a2253ad6e7a493ddf0c9113806712

Remove support for CFB and OFB modes.

They're not supported by the openssl in Trusty, and we don't
actually need them for now, so just remove them.

Change-Id: I6ca385fff34dba8732d001c03c502d62136477a0

google_keymaster_test.cpp

diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index bb19ada..985eb66 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -426,8 +426,7 @@
 
     EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
                                                                KM_PURPOSE_ENCRYPT, &modes, &len));
-    EXPECT_TRUE(ResponseContains({KM_MODE_OCB, KM_MODE_ECB, KM_MODE_CBC, KM_MODE_OFB, KM_MODE_CFB},
-                                 modes, len));
+    EXPECT_TRUE(ResponseContains({KM_MODE_OCB, KM_MODE_ECB, KM_MODE_CBC}, modes, len));
     free(modes);
 }
 
@@ -1626,67 +1625,5 @@
     }
 }
 
-TEST_F(EncryptionOperationsTest, AesCfbRoundTripSuccess) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE,
-                                                                                   KM_MODE_CFB)));
-    // Two-block message.
-    string message = "12345678901234567890123456789012";
-    string ciphertext1 = EncryptMessage(message);
-    EXPECT_EQ(message.size() + 16, ciphertext1.size());
-
-    string ciphertext2 = EncryptMessage(string(message));
-    EXPECT_EQ(message.size() + 16, ciphertext2.size());
-
-    // CBC uses random IVs, so ciphertexts shouldn't match.
-    EXPECT_NE(ciphertext1, ciphertext2);
-
-    string plaintext = DecryptMessage(ciphertext1);
-    EXPECT_EQ(message, plaintext);
-}
-
-TEST_F(EncryptionOperationsTest, AesCfbIncrementalNoPadding) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder()
-                                           .AesEncryptionKey(128)
-                                           .Option(TAG_BLOCK_MODE, KM_MODE_CFB)
-                                           .Option(TAG_PADDING, KM_PAD_PKCS7)));
-
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE,
-                                                                                   KM_MODE_CBC)));
-
-    int increment = 15;
-    string message(240, 'a');
-    EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_ENCRYPT));
-    string ciphertext;
-    size_t input_consumed;
-    for (size_t i = 0; i < message.size(); i += increment)
-        EXPECT_EQ(KM_ERROR_OK,
-                  UpdateOperation(message.substr(i, increment), &ciphertext, &input_consumed));
-    EXPECT_EQ(KM_ERROR_OK, FinishOperation(&ciphertext));
-    EXPECT_EQ(message.size() + 16, ciphertext.size());
-
-    EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_DECRYPT));
-    string plaintext;
-    for (size_t i = 0; i < ciphertext.size(); i += increment)
-        EXPECT_EQ(KM_ERROR_OK,
-                  UpdateOperation(ciphertext.substr(i, increment), &plaintext, &input_consumed));
-    EXPECT_EQ(KM_ERROR_OK, FinishOperation(&plaintext));
-    EXPECT_EQ(ciphertext.size() - 16, plaintext.size());
-    EXPECT_EQ(message, plaintext);
-}
-
-TEST_F(EncryptionOperationsTest, AesCfbPkcs7Padding) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(ParamBuilder().AesEncryptionKey(128).Option(TAG_BLOCK_MODE,
-                                                                                   KM_MODE_CFB)));
-
-    // Try various message lengths; all should work.
-    for (int i = 0; i < 32; ++i) {
-        string message(i, 'a');
-        string ciphertext = EncryptMessage(message);
-        EXPECT_EQ(i + 16, ciphertext.size());
-        string plaintext = DecryptMessage(ciphertext);
-        EXPECT_EQ(message, plaintext);
-    }
-}
-
 }  // namespace test
 }  // namespace keymaster