Add MAC length checking for AES OCB. Change-Id: I9ea564a00af3beb168cd5dc24a52c5f9c8b856a0

commit: 5cc8abdb0cac6900abbbb5147e0fe5ae5943e0dd [log] [tgz]
author: Shawn Willden <swillden@google.com> Thu Dec 11 14:07:44 2014 -0700
committer: Shawn Willden <swillden@google.com> Tue Dec 30 09:39:57 2014 -0700
tree: 0b16e7486716b9f19e3b4269ceb90d739b0578c9
parent: 5f9cc61dfdc471d774f5db93f96fe18217f4181e [diff] [blame]
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index c59af35..4f17259 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp

@@ -319,7 +319,7 @@
         Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT),
         Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES), Authorization(TAG_KEY_SIZE, 128),
         Authorization(TAG_BLOCK_MODE, KM_MODE_OCB), Authorization(TAG_CHUNK_LENGTH, 4096),
-        Authorization(TAG_PADDING, KM_PAD_NONE),
+        Authorization(TAG_MAC_LENGTH, 16), Authorization(TAG_PADDING, KM_PAD_NONE),
     };
     req_.key_description.Reinitialize(params, array_length(params));
     device.GenerateKey(req_, &rsp_);
@@ -332,7 +332,7 @@
         Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT),
         Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES), Authorization(TAG_KEY_SIZE, 129),
         Authorization(TAG_BLOCK_MODE, KM_MODE_OCB), Authorization(TAG_CHUNK_LENGTH, 4096),
-        Authorization(TAG_PADDING, KM_PAD_NONE),
+        Authorization(TAG_MAC_LENGTH, 16), Authorization(TAG_PADDING, KM_PAD_NONE),
     };
     req_.key_description.Reinitialize(params, array_length(params));
     device.GenerateKey(req_, &rsp_);
@@ -343,9 +343,8 @@
     keymaster_key_param_t params[] = {
         Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT),
         Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT),
-        Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES),
-        Authorization(TAG_BLOCK_MODE, KM_MODE_OCB),
-        Authorization(TAG_CHUNK_LENGTH, 4096),
+        Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES), Authorization(TAG_BLOCK_MODE, KM_MODE_OCB),
+        Authorization(TAG_MAC_LENGTH, 16), Authorization(TAG_CHUNK_LENGTH, 4096),
         Authorization(TAG_PADDING, KM_PAD_NONE),
     };
 
@@ -368,7 +367,7 @@
     };
     req_.key_description.Reinitialize(params, array_length(params));
     device.GenerateKey(req_, &rsp_);
-    EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, rsp_.error);
+    EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, rsp_.error);
 }
 
 TEST_F(NewKeyGeneration, AesEcbUnsupported) {
@@ -396,6 +395,19 @@
     EXPECT_EQ(KM_ERROR_UNSUPPORTED_PADDING_MODE, rsp_.error);
 }
 
+TEST_F(NewKeyGeneration, AesOcbInvalidMacLength) {
+    keymaster_key_param_t params[] = {
+        Authorization(TAG_PURPOSE, KM_PURPOSE_ENCRYPT),
+        Authorization(TAG_PURPOSE, KM_PURPOSE_DECRYPT),
+        Authorization(TAG_ALGORITHM, KM_ALGORITHM_AES), Authorization(TAG_KEY_SIZE, 128),
+        Authorization(TAG_BLOCK_MODE, KM_MODE_OCB), Authorization(TAG_CHUNK_LENGTH, 4096),
+        Authorization(TAG_MAC_LENGTH, 17), Authorization(TAG_PADDING, KM_PAD_NONE),
+    };
+    req_.key_description.Reinitialize(params, array_length(params));
+    device.GenerateKey(req_, &rsp_);
+    EXPECT_EQ(KM_ERROR_INVALID_ARGUMENT, rsp_.error);
+}
+
 typedef KeymasterTest GetKeyCharacteristics;
 TEST_F(GetKeyCharacteristics, SimpleRsa) {
     keymaster_key_param_t params[] = {
commit	5cc8abdb0cac6900abbbb5147e0fe5ae5943e0dd	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Thu Dec 11 14:07:44 2014 -0700
committer	Shawn Willden <swillden@google.com>	Tue Dec 30 09:39:57 2014 -0700
tree	0b16e7486716b9f19e3b4269ceb90d739b0578c9
parent	5f9cc61dfdc471d774f5db93f96fe18217f4181e [diff] [blame]