Fix enforcement of block mode and MAC length on AES ops
Bug: 22301168
Change-Id: I54b4efffa1786b08704dd6e785360870f155ed80
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 341183b..cb120a6 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -2076,6 +2076,21 @@
EXPECT_EQ(0, GetParam()->keymaster0_calls());
}
+TEST_P(EncryptionOperationsTest, AesEcbNotAuthorized) {
+ ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
+ .AesEncryptionKey(128)
+ .Authorization(TAG_BLOCK_MODE, KM_MODE_CBC)
+ .Padding(KM_PAD_NONE)));
+ // Two-block message.
+ string message = "12345678901234567890123456789012";
+ AuthorizationSet begin_params(client_params());
+ begin_params.push_back(TAG_BLOCK_MODE, KM_MODE_ECB);
+ begin_params.push_back(TAG_PADDING, KM_PAD_NONE);
+ EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_ENCRYPT, begin_params));
+
+ EXPECT_EQ(0, GetParam()->keymaster0_calls());
+}
+
TEST_P(EncryptionOperationsTest, AesEcbNoPaddingWrongInputSize) {
ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
.AesEncryptionKey(128)
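Review bot: In `AesEcbNotAuthorized`, `message` is declared but never used because the test stops at `BeginOperation`, so the `// Two-block message.` comment and the `string message = ...` line can be dropped. The rejection is also only checked for `KM_PURPOSE_ENCRYPT`. Assuming the generated key is usable for decryption as well, adding `EXPECT_EQ(KM_ERROR_INCOMPATIBLE_BLOCK_MODE, BeginOperation(KM_PURPOSE_DECRYPT, begin_params));` would pin that the CBC-only authorization is enforced in both directions. The commit title also mentions MAC length, but no MAC-length case is visible in this hunk; it may be covered elsewhere in the change.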